Package impact
GO / github.com/shellhub-io/shellhub
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44426 | medium | 6.5 | 6.5 | 15d ago | ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check | |
| CVE-2026-44424 | medium | 6.5 | 6.5 | 15d ago | ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace | |
| CVE-2026-44423 | medium | 6.5 | 6.5 | 15d ago | ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data | |
| CVE-2026-44425 | medium | 5.4 | 5.4 | 15d ago | ShellHub has crash-DoS via field injection in filter and sort-by parameters |